CVE-2025-71140

Description

In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Use spinlock for context list protection lock

Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context pointer to go invalid, resulting in a null pointer dereference in the IPI handler.

Turns out on the MT8173, the VPU IPI handler is called from hard IRQ context. This causes a big warning from the scheduler. This was first reported downstream on the ChromeOS kernels, but is also reproducible on mainline using Fluster with the FFmpeg v4l2m2m decoders. Even though the actual capture format is not supported, the affected code paths are triggered.

Since this lock just protects the context list and operations on it are very fast, it should be OK to switch to a spinlock.

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
0.025

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234